<?php		
		$db = new MySQL();      	
		$curpass=md5((isset($_POST["txtcurpass"]))?$_POST["txtcurpass"]:"");	
		$newpass=md5((isset($_POST["txtnewpass"]))?$_POST["txtnewpass"]:"");
		$confpass=md5((isset($_POST["txtconfpass"]))?$_POST["txtconfpass"]:"");
		$table = "account";
		$mod = $_GET['mod'];
		$id_ses = $_SESSION['iduserlogin'] ;
					
        if ($_POST["form_"]=="edit")
        {		
				$sql = $db->select("select * from $table where id='$id_ses' and password = '$curpass'");
				if ($db->numrows($sql)>0)
				{	
					$query="update $table set password = '$newpass' where id = '$id_ses'";
					$sql1 = $db->update($query);					
					$db->close();
					
					echo "<script>alert('The password was changed!');</script>";
					echo "<script>location='?mod=".$mod."&act=edit'</script> ";
				}
				else echo "<script>alert('Currenly password not found!');</script>";	
        }				
?>
